security – WP-JSON: Cross Origin Resource Sharing Vulnerability?

Add question

Username* Please type your username .

E-Mail* Please type your E-Mail .

Question Title* Please choose an appropriate title for the question to answer it even easier .

Category Please choose the appropriate category so others can easily search your question.

Tags Please choose suitable Keywords Ex : question , poll .

Poll This question is a poll ? If you want to be doing a poll click here .

Featured image

Browse

Details*

Ask Anonymously Anonymous asks

Video description Do you need a video to description the problem better ?

Video type Choose from here the video type .

Video ID Put here the video id : https://www.youtube.com/watch?v=sdUUx5FdySs EX : 'sdUUx5FdySs'.

Notified Notified by e-mail at incoming answers.

Terms* By asking your question, you agree to the Terms of Service and Privacy Policy.

Captcha*

security – WP-JSON: Cross Origin Resource Sharing Vulnerability?

Question

I am testing the security of a webpage owned by the company I work for. I noticed that an arbitrary origin is accepted. In the screenshot below, you’ll see that I added that example origin which was reflected in the response accordingly.

I am not the admin of this web page nor am I logged into it. I am testing it remotely like an external user. However, If I was logged in, I’m wondering if I could see cookies/API Keys etc in the response? Is this a vulnerability that needs to be fixed or is this just normal, secure word press behavior?